Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2008-1448
HistoryAug 13, 2008 - 12:41 a.m.

CVE-2008-1448

2008-08-1300:41:00
CWE-264
[email protected]
web.nvd.nist.gov
32
cve-2008-1448
microsoft outlook express
windows mail
mhtml
protocol handler
cross-domain information disclosure
vulnerability

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.926 High

EPSS

Percentile

99.0%

JSON

The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka “URL Parsing Cross-Domain Information Disclosure Vulnerability.”

Affected configurations

NVD
Node
microsoftoutlook_expressMatch5.5sp2
OR
microsoftoutlook_expressMatch6.0
OR
microsoftoutlook_expressMatch6.0sp1
OR
microsoftwindows_mail

Related

coresecurity 1
checkpoint_advisories 1
prion 3
openvas 2
securityvulns 3
nvd 3
nessus 1
cvelist 3
seebug 1
cve 2
coresecurity
coresecurity
Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass
2008-08-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows MHTML URL Parsing Information Disclosure (MS08-048; CVE-2008-1448)
2008-08-12 00:00:00
prion
prion
Information disclosure
2008-08-13 00:41:00
Design/Logic Flaw
2010-02-04 20:15:00
Design/Logic Flaw
2010-02-04 20:15:00
openvas
openvas
Security Update for Outlook Express (951066)
2008-08-19 00:00:00
Security Update for Outlook Express (951066)
2008-08-19 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS08-048 - Important Security Update for Outlook Express and Windows Mail (951066)
2008-08-12 00:00:00
CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass
2008-08-14 00:00:00
Microsoft Internet Explorer multiple security vulnerabilities
2008-08-14 00:00:00
nvd
nvd
CVE-2008-1448
2008-08-13 00:41:00
CVE-2010-0555
2010-02-04 20:15:25
CVE-2010-0255
2010-02-04 20:15:49
nessus
nessus
MS08-048: Security Update for Outlook Express and Windows Mail (951066)
2008-08-13 00:00:00
cvelist
cvelist
CVE-2008-1448
2008-08-13 00:00:00
CVE-2010-0255
2010-02-04 19:00:00
CVE-2010-0555
2010-02-04 20:00:00
seebug
seebug
Microsoft IE MHTML协议处理器跨域信息泄露漏洞(MS08-048)
2008-08-15 00:00:00
cve
cve
CVE-2010-0255
2010-02-04 20:15:49
CVE-2010-0555
2010-02-04 20:15:25

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.926 High

EPSS

Percentile

99.0%

JSON
Related for CVE-2008-1448
coresecurity1checkpoint_advisories1prion3openvas2securityvulns3nvd3nessus1cvelist3seebug1cve2